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(54) Method and apparatus for automatic discovery of logical links between network devices 



(57) The present invention comprises a method and 
apparatus for automatic discovery of logical links be- 
tween network devices. In one embodiment, the present 
invention comprises part of a network management sys- 
tem ("NM") that manages a discrete set of network de- 
vices. The NM sends SNMP queries to individual net- 
work devices managed by the NM to obtain interface 
configuration data for each of the network interfaces of 
the device. The information requested includes destina- 
tion information ("next hop" or "neighbor" IP address) 
for data packets sent from the interface. The NM checks 
to see whether a logical link corresponding to the re- 



ceived configuration information already exists in a log- 
ical link database maintained by the NM. If such a link 
exists the NM checks to see if the existing information 
for the link is valid. If the existing fink data is valid, no 
change is made. If the existing information is not valid, 
or if no corresponding link is found in the link database, 
the NM creates a new link corresponding to the new con- 
figuration information. In one or more embodiments, the 
NM displays a graphical view of the discovered IP links 
on a graphical network map. 
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Description 

[0001 ] The present invention relates to the field of da- 
ta communications networks, and more particularly to a 
method and apparatus for automatically discovering 
logical connections between network devices. 
[0002] A data communications network transmits da- 
ta among and between network devices (sometimes al- 
so referred to as "nodes") physically and logically con- 
nected to the network. The physical configuration of a 
network changes as network devices are added or re- 
moved from the network and as physical connections 
between de vices are made or changed. The logical con- 
figuration of a network changes as logical connections 
are established between communicating network devic- 
es utilizing the physical structure of the network. Net- 
work devices include devices that can send and/or re- 
ceive data, as well as devices that can forward data. 
Network devices that can forward data are important in 
all but the very simplest networks. In most networks di- 
rect connections do not exist between most network de- 
vices. Instead, each network device is connected to a 
limited number of adjacent network devices. For net- 
work devices to be able to communicate when they are 
not physically connected, the two communicating net- 
work devices rely on intermediate network devices to 
forward communications between them. 
[0003] Data is commonly transmitted over a data 
communications network in the form of discrete chunks 
of data referred to as "packets". A string of data is broken 
up into packets at the sending network device and sent 
separately over the network to the receiving network de- 
vice. The network device receives the individual packets 
and assembles them in the correct order to reconstruct 
the original data string. The particular manner in which 
packets are broken up and transmitted from one net- 
work device to another is defined as a "network proto- 
col". One prominent network protocol is the "Internet 
Protocol", usually referred to by its acronym, "IP", or as 
the "IP protocol." Another protocol is called "Multi-Pro- 
tocol Label Switching", or "MPLS". 
[0004] Data communications networks are often con- 
ceptualized as comprising a hierarchy of communica- 
tions "layers" that establish different types of connec- 
tions between network devices. The more basic func- 
tions are provided at the lower layers, while successive- 
ly more sophisticated functions are provided at succes- 
sively higher layers. Different protocols are used to com- 
municate between devices on each layer. Layering al- 
lows sophisticated communications functions to be built 
up using relatively simple protocols at each layer. 
[0005] One common hierarchical network model is 
the so-called OSI "seven- layer" model. In the OSI mod- 
el, each lower layer in the model provides communica- 
tions capabilities or functions that are utilized by the next 
higher layer. A schematic illustration of the OSI seven- 
layer model is shown in Figure 2. As shown in Figure 2, 
the seven layers in the OSI model, beginning from the 



bottom, are physical layer 205, data link layer 21 0, net- 
work layer 215, transport layer 220, session layer 225, 
presentation layer 230, and application layer 235. In re- 
lation to the OSI model, the IP protocol is commonly con- 
5 sidered as being associated with the third layer, network 
layer 215. 

[0006] In an IP network, each sending and receiving 
device is assigned a 32-bit address. The address is usu- 
ally written as a series of four "octets" (e.g., numbers 
10 within a range of 0-255) separated by periods. Exam- 
ples of IP addresses are 127.0.0.1, 205.160.34.112, 
23.1.99.244, etc. 

[0007] Each IP packet sent over an IP network in- 
cludes the sender's IP address and the recipient's IP ad- 

15 dress. The recipient's IP address is used to route the 
packet from the sending network device via intermedi- 
ate network devices that have IP forwarding capabilities 
to the recipient network device. 
[0008] An example of a simple network that illustrates 

20 ip forwarding is shown in Figure 1 . The network of Fig- 
ure 1 includes two types of network devices: non-IP-for- 
warding devices 1 05, 1 1 0, 1 1 5 and 1 20 (represented by 
rectangles in Figure 1 and which may, for example, com- 
prise personal computers or computer workstations), 

25 and IP-forwarding devices 125, 130, 135, 140, 145 and 
150 (represented by circles in Figure 1 and which may, 
for example, comprise IP routers). The network devices 
in Figure 1 are interconnected by a various bi-directional 
connections or links 160, 162, 164, 166, 168, 170, 172, 

30 174, 176, 178 and 180, represented in Figure 1 by two- 
headed arrows. Links 160-180 may comprise direct 
physical connections between the adjacent network de- 
vices, or may comprise logical connections that involve 
intermediate devices but that are seen by the connected 

35 devices as direct connections. For example, network 
device 110 is connected to network device 130 via link 
166. That is, network device 110 knows that if it sends 
a communication via its interface port that is connected 
to link 166, the communication will be received by net- 

40 work device 1 30. It doesn't matterto network device 110 
whether link 1 66 is a single physical connection or a se- 
ries of physical connections. Logical links such as links 
160-180 in Figure 1 that connect two network devices 
will be referred to sometimes herein as "IP links". The 

45 term "IP links" as used herein includes logical links that 
use the IP protocol, as well as logical links utilizing other 
protocols, such as, for example, MPLS. 
[0009] In the example network of Figure 1 , network 
device 110 is connected directly (via link 166) only to 

50 network device 130. For network device 1 1 0 to commu- 
nicate to any other network device, the IP forwarding 
capabilities of network device 130 must be used. 
[0010] In Figure 1 , network device 130 has direct con- 
nections to three other network devices in addition to 

55 network device 1 1 0, to which it is connected via link 1 66. 
The other links are links 160, 168 and 176, which con- 
nect network device 130 to network devices 125, 135 
and 145, respectively. Each of links 160, 166, 168 and 
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176 are typically connected to separate ports on net- 
work device 1 30. Each port may be a separate physical 
interface, or two or more ports may share a single phys- 
ical interface. Each port may have its own IP address 
assigned to it. In that case, network device 130, as well 
of each of its ports, may have distinct IP addresses. 
[0011] Network device 130 of Figure 1 has been de- 
fined to have IP forwarding capabilities. That means it 
must be able to receive an IP packet (intended for de- 
livery to a network device other than network device 
130) from one of the IP links it is connected to and for- 
ward it along at least one of the other the IP links it is 
connected to. In the general case where network device 
130 is a typical router, network device 130 will be able 
to receive and forward IP packets from and to any of the 
IP links 160, 166, 168 and 176 it is connected to (pro- 
vided the links are functioning). The other network de- 
vices 125, 135, 140, 145 and 150 with IP forwarding ca- 
pabilities in the example of Figure 1 are similarly able to 
receive and forward IP packets from and to any of the 
IP links they are connected to. 
[0012] If network device 110 wants to send a commu- 
nication to, for example, network device 115, there are 
a number of paths that the communication can take. The 
most direct path comprises links 166, 176, and 178. 
However, other paths include the path comprising links 
166, 168, 174, 180 and 178, and even the path compris- 
ing links 166, 160, 162, 174, 180 and 178. 
[0013] When network device 110 sends out IP pack- 
ets to network device 115, it does not know what path 
each of the packets will take. Network device 1 1 0 simply 
addresses the packet to network device 115 using net- 
work device 115's IP number (namely 129.111.110.9 in 
the example of Figure 1 ), and sends it out over link 1 66 
towards network device 130. 

[0014] What network device 130 does with the packet 
after it receives it depends on how network device 130 
is configured. For example, network device 130 may be 
configured to forward any packet received from link 1 66 
along link 1 76. Alternatively, network device 1 30 may be 
configured to forward packets along links depending on 
the destination IP number of the packet. Network device 
130 may also be programmed to monitor traffic along 
each link and to adapt its forwarding scheme to traffic 
conditions. 

[0015] How each network device forwards packets 
depends on the capabilities and configuration of the par- 
ticular network device. As is evident even from the sim- 
ple network example of Figure 1 , it is important that net- 
work devices that do IP forwarding be properly config- 
ured to intemperate with each other to ensure that pack- 
ets are correctly routed to their destination. 
[0016] Configuration of network devices within a net- 
work comprises an aspect of network management. 
Network devices may be locally managed or remotely 
(centrally) managed. Local management of a network 
device may be accomplished using a workstation or ter- 
minal directly connected to the network device. Remote 



management of a network device may be accomplished 
from remote terminals or workstations that communi- 
cate with the network device via the network, provided 
the network device is provided with a management pro- 

5 tocol that allows remote management. One protocol 
used for remote management of network devices is the 
Simple Network Management Protocol (SNMP). SNMP 
provides a set of commands and parameters that allow 
communication with and configuration of network devic- 

10 es. A person who is responsible for management of a 
network is commonly referred to as a "network manag- 
er." Network management software systems provide 
tools to network managers that facilitate central man- 
agement of often geographically dispersed network de- 

15 vices. 

[0017] To be able to manage a network device, a net- 
work manager must know that the network device ex- 
ists, how it is connected to the network and to other net- 
work devices, and what its capabilities are. In addition, 

20 the network device must have the capability of being re- 
motely managed, the network management system 
used by the network manager must be able to commu- 
nicate with the network device using the correct proto- 
col, and the network manager must be apply to supply 

25 any required logins, passwords, or other security infor- 
mation. 

[0018] The configuration of large networks often 
changes through the addition, removal and/or replace- 
ment of network devices. To properly manage large net- 

30 works to ensure that I P packets are routed correctly over 
the network, the network manager must know when da- 
ta forwarding network devices are added or removed. 
One system used to discover network devices with data 
forwarding capabilities is described in U.S. Patent Ap- 

35 plication No. 1 0/029, 1 23 for "Method and Apparatus for 
Automatic Discovery of Network Devices with Data For- 
warding Capabilities" assigned to the assignee of the 
present invention and incorporated by reference herein. 
[0019] In small local networks, for example those in 

40 which the entire network comprises only a handful of 
network devices, it is relatively easy for a network man- 
ager to physically inspect each network device and 
know from first hand inspection when a network device 
is added or removed. In large, geographically dispersed 

45 networks comprising hundreds of network devices, it 
would be extremely difficult for the network manager to 
know from a first hand inspection what the state of the 
entire network is at any given time. 
[0020] A network being managed often comprises of 

so a plurality of subnets. A subnet is a group of network 
devices belonging to a specific block or subset of IP ad- 
dresses. For example, one type of subnet comprises IP 
numbers that share the first three octets, as for example 
215.223.46.x (where "x" can be any number from 0 to 

55 255). Larger subnets may share only the first two octets 
(e.g. 215.223.x.y). In addition to subnets, networks may 
also include individual IP numbers or ranges of IP num- 
bers. A network manager generally will know which sub- 
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nets are included in the network being managed. How- 
ever, the network manager will not necessarily know be- 
forehand the IP number of a network device to be added 
to a network, particularly if the IP number is not within 
one of the network's known subnets. 5 
[0021] In addition to needing to know the identity and 
physical configuration of the network devices them- 
selves, it is also important for the network manager to 
be able to monitor logical connections between network 
devices. A logical connection exists between network 
devices when at least one port of a first network device 
is configured so that a message sent out through that 
port will arrive at a known destination (either a network 
address or a second network device). The destination 
may be a particular port or interface on another network 
device, a particular IP address, or a particular subnet- 
work. 

[0022] An object of the present invention is to provide 
a method for automatic discovery of logical links be- 
tween network devices. 

[0023] More precisely, the invention provides a meth- 
od for automatic discovery of logical links associated 
with network devices comprising the steps of: 

selecting a first managed network device having a 
first network interface, said first network device be- 
ing managed by a network management system; 
determining a iocal interface address and a next 
neighbor address associated with said first network 
interface; 

comparing said local interface address and next 
neighbor address with endpoint address informa- 
tion associated with a plurality of logical links stored 
in a logical link database associated with said net- 
work management system; 
creating a first logical link between said local inter- 
face address and said next neighbor address; 
storing said first logical link in said logical link data- 
base; 

displaying a graphical representation of said first 
logical link on a display device. 

Thus, the present invention comprises part of a network 
management system ("NM") that manages a discrete 
set of network devices. The NM sends SNMP queries 
to individual network devices managed by the NM to ob- 
tain interface configuration data for each of the network 
interfaces of the device. The information requested in- 
cludes destination information ("next hop" or "neighbor" 
IP address) for data packets sent from the interface. 
[0024] In addition to receiving interface configuration 
information from a managed network device in response 
to a SNMP query, the NM may also receive unsolicited 
interface configuration information via a SNMP mes- 
sage originating with the network device itself. 
[0025] The NM checks to see whether a logical link 
corresponding to the received configuration information 
already exists in a logical link database maintained by 



the NM. If such a link exists the NM checks to see if the 
existing information for the link is valid. If the existing 
link data is valid, no change is made. If the existing in- 
formation is not valid, or if no corresponding link is found 
in the link database, the NM creates a new link corre- 
sponding to the new configuration information. 
[0026] If the destination information for an interface 
comprises a subnet address, the NM classifies the new 
link as a "Point-to-Subnet" IP link. If the destination in- 
formation comprises a normal IP address, the NM 
checks to see whether the destination IP address cor- 
responds to a network device under management of the 
NM. If the destination IP address does not correspond 
to a network device under management of the NM, the 
NM classifies the link between the network device and 
the IP address as a "Point-to- IP" link. If the destination 
IP address corresponds to a network device under man- 
agement of the NM, the NM classifies the link as a 
"Point-to-Point" IP link. A "Point-to- Point" IP link may in- 
clude links between interfaces that do not have individ- 
ual IP addresses ("unnumbered interfaces"). 
[0027] The NM further classifies IP links into links that 
utilize the IP protocol ("IP Forwarding"), the MPLS pro- 
tocol ("MPLS Forwarding"), or both ("IP and MPLS For- 
warding"). 

[0028] in one or more embodiments, the NM displays 
a graphical view of the discovered IP links on a graphical 
network map. 

[0029] Another object of the present invention is to 
provide an apparatus for automatic discovery of logical 
links between network devices. 
[0030] Figure 1 shows a schematic of a data commu- 
nications network that utilizes data forwarding. 
[0031] Figure 2 shows a schematic of the OS I seven 
layer network model. 

[0032] Figure 3 shows a schematic showing exam- 
ples of types of IP links discovered in an embodiment of 
the invention. 

[0033] Figure 4 shows a schematic showing exam- 
ples of types of IP links discovered in an embodiment of 
the invention. 

[0034] Figure 5 shows a schematic showing exam- 
ples of numbered and unnumbered interfaces. 
[0035] Figure 6 shows a flow chart showing a process 
used in an embodiment of the invention. 
[0036] Figures 7a, 7b and 7c show examples of 
graphical depictions of IP links in an embodiment of the 
invention. 

[0037] Figure 8 shows a schematic of an apparatus 
comprising an embodiment of the invention. 
[0038] A method and apparatus for automatical ly dis- 
covering logical links between network devices is pre- 
sented. In one or more embodiments, the invention 
comprises part of a network management system 
("NM"), such as, for example, the Alcatel 5620 Network 
Management System. In one or more embodiments, the 
invention is implemented by means of software pro- 
gramming operating on personal computers, computer 
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workstations and or other computing platforms. In the 
following description, numerous specific details are set 
forth to provide a thorough description of the invention. 
However, it will be apparent to one skilled in the art that 
the invention may be practiced without these specific 
details. In other instances, well-known features have not 
been described in detail so as not to obscure the inven- 
tion. 

[0039] Figures 3 and 4 show examples of types of log- 
ical links, referred to herein as "IP links", discovered in 
one or more embodiments of the invention. IP links are 
classified according to the characteristics of their end- 
points and of the protocols supported. 
[0040] Figure 3 shows examples of IP links classified 
according to their endpoint types. The links are shown 
with respect to two routing devices, Router A 305 and 
Router B 31 0, that are both under management of a net- 
work management system ("NM"). 
[0041 ] Router A 305 has two I P links associated with 
it. Link 315 connects Router A 305 to a device having 
the IP address 155. 100. 100. 111. The device associated 
with the IP address 155.100.100.111 is not being man- 
aged by the NM, therefore no information about this de- 
vice is known to the NM other than its IP number and 
that it is linked to Router A 305 via link 315. A link from 
a device being managed by the NM to an IP number for 
a device that is not being managed by the NM is referred 
to as a "Point-to-lP" link (an endpoint that terminates at 
a managed device is referred to as a "Point"). 
[0042] The other linkconnected to Router A305 is link 
320, which connects Router A 305 to Router B 310. Be- 
cause each endpoint of link 320 terminates at a device 
managed by the NM (namely Router A and Router B, 
respectively), link 320 is referred to as a "Point-to-Point" 
link. 

[0043] In addition to link 320, two other links are con- 
nected to Router B 310. 

[0044] Link 330 connects Router B 31 0 to IP address 
1 38. 1 20. 1 00. 1 1 1 , which is associated with a device that 
is not managed by the NM. Accordingly link 320, like link 
315, is referred to as a "Point-to-IP" link. 
[0045] Link 325 does not connect Router B 31 0 to a 
particular IP address or device, but comprises a broad- 
cast interface connecting Router B 31 0 to a subnet, des- 
ignated 193.1.1.0/24. The "0/24" portion of the subnet 
address indicates that the subnet comprises devices 
with IP addresses whose first 24 bits comprise the first 
three specified octets, namely 1 93.1 .1 . This type of link, 
connecting a managed device to a subnet, is referred to 
as a "Point-to-Subnet" link. 

[0046] Figure 4 shows examples of IP links that are 
classified according to the protocols they support. Fig- 
ure 4 shows four IP links 430, 435, 440 and 445 between 
five routers 405, 41 0, 41 5, 420 and 425. Ail of the routers 
are managed by a NM. Because the endpoints of each 
of the IP links in Figure 4 comprise devices being man- 
aged by the NM, links 430, 435, 440 and 445 are all 
"Point-to-Point" IP links. 



[0047] Link 430 between Router A 405 and Router C 
415 supports both IP and MPLS forwarding. Link 430 is 
therefore referred to as a "MPLS and IP Forwarding" IP 
link. Link 435 between Router B 410 and Router C 41 5 

s supports only IP forwarding. Link 435 is therefore re- 
ferred to as an "IP Forwarding" IP link. Link 440 between 
Router C 41 5 and Router D 420 is, like link 430, a "MPLS 
and IP Forwarding" IP link, while link 445 between Rout- 
er D 420 and Router E 425, like link 435, is an "IP For- 

10 warding" IP link. An additional type of link not shown in 
Figure 4 is a link that supports only MPLS forwarding. 
Such a link is referred to as a "MPLS Forwarding" link. 
[0048] Point-to-Point links can further be character- 
ized as "numbered" and "unnumbered" Point-to-Point 

'5 links. Numbered and unnumbered Point-to-Point links 
are illustrated in Figure 5. 

[0049] Figure 5 shows two routers 510 and 520, re- 
spectively. Router 510 comprises two network interfac- 
es 530 and 560. Interface 530 has been assigned local 

20 port number 1 and the IP number 64.56.7.82. It is re- 
ferred to as a "numbered interface" because it has an 
IP number assigned to it. Interface 560 has been as- 
signed local port number 2, but has not been assigned 
an IP number. It is therefore referred to as an "unnum- 

25 bered interface". Using unnumbered interfaces for IP 
links conserves IP numbers (important because the 
number of possible IP numbers is limited). 
[0050] Router 520 also comprises two network inter- 
faces 550 and 580. Interface 550 is a "numbered inter- 
na face" that has been assigned local the IP number 
110.55.154.8. Interface 580 is an unnumbered interface 
that has been assigned local port number 2. 
[0051] Numbered interface 550 is connected to num- 
bered interface 530 via Point-to-Point IP link 540. The 

35 configuration data for router 520 in this case Identifies 
the next neighbor for interface 550 as "64.56.7.82" (the 
IP address for numbered interface 530). Similarly, the 
configuration data for router 510 identifies the next 
neighborfor interface 530 as "110.55.154.8" (the IP ad- 

40 dress for numbered interface 550). 

[0052] Unnumbered interface 580 of router 520 is 
connected to unnumbered interface 560 of router 510 
via Point-to-Point IP link 570. Although neither interface 
560 nor interface 580 have IP numbers assigned to 

45 them, they both comprise interfaces of network devices 
(i.e. router 510 and 520, respectively) that do have IP 
addresses. Accordingly, the configuration data for router 
520 identifies the next neighbor for unnumbered inter- 
face 580 as "64.56.7.77" (the IP address of router 510), 

50 and the configuration data for router 510 identifies the 
next neighbor for unnumbered interface 560 as 
"11 0.55.154.15" (the IP address of router 520). 
[0053] Figure 6 is a flow chart showing an auto dis- 
covery process used in an embodiment of the invention. 

55 This embodiment forms part of a network management 
system (NM) that comprises a number of tools to allow 
a network manager (user) to manage routing devices in 
a network environment. The NM provides a graphical 
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user interface (GUI) that displays various views of the 
network and devices being managed, and that provides 
menus from which the network manager can select var- 
ious network management operations. In one or more 
embodiments, the views that a user may select include 5 
a "physical map" that shows a graphical representation 
of the physical devices and connections in the network 
being managed (e.g., OSI layers 1 and 2) and an "IP 
map" that shows a graphical representation of network 
devices and connections at a higher layer (e.g., OSI lay- 
er 3). One of the operations that may be selected is the 
auto discovery process of Figure 6, which discovers lay- 
er 3 IP links that may be displayed on the layer 3 IP map. 
[0054] The auto discovery process of Figure 6 is ini- 
tiated at block 600. The process may be manually initi- 
ated by a user or may be automatically initiated by an 
initiating event. A user may initiate the auto discovery 
process, for example, by selected a network device 
shown on the IP map and selecting a "Discover Links" 
command from a pull down menu. An example of an in- 
itiating event that may activate the process of Figure 6 
is a SNMP message sent to the NM from a network de- 
vice indicating that a new neighbor has been added to 
the configuration data for the network device (if the net- 
work device has been appropriately configured to send 
such a SNMP message or "trap" to the NM). 
[0055] After the auto discovery process of Figure 6 
has been initiated at step 600, the process sends a re- 
quest to the network device whose IP links are being 
discovered to obtain a list of local network interfaces 
(numbered and unnumbered) that have been config- 
ured for the network device. The request may be sent, 
for example, as a SNMP "get-Next" or "get-Bulk" re- 
quest. The list may identify a local network interface by 
an index that comprises the IP address (in the case of 
a numbered interface) and/or the local port number (in 
the case of an unnumbered interface). 
[0056] At step 610 the first interface in the list is se- 
lected and the neighbor IP address for that interface is 
obtained at step 615. Depending on the embodiment 
and the type of requests supported by the NM and the 
network device, the IP number for the interface may 
have been included in the information obtained in re- 
sponse the request sent by the NM at step 605, or a 
separate request to the network device may be neces- 
sary to obtain the neighbor IP address. The local inter- 
face index for the currently selected interface (for exam- 
ple the IP number of the network device and the port 
number for the interface in the case of an unnumbered 
interface orthe IP number of the interface in the case of 
a numbered interface) and its associated next neighbor 
IP number are stored in memory at step 620. Additional 
configuration data that may have been obtained from 
the device, such as the protocol(s) supported by the se- 
lected interface, may also be stored. 
[0057] At step 625 a determination is made as to 
whether there are any additional interfaces for which the 
next neighbor IP number has not yet been obtained. If 



there are such additional interfaces, the next interface 
is selected at step 630 and the process returns to step 
615. If there are no such additional interfaces, the proc- 
ess begins processing the local interface index/next 
neighbor IP address pairs ("attribute pairs") stored in 
memory at step 635. 

[0058] At step 635, the process selects the first local 
interface index/next neighbor IP address pair from 
memory. At step 640 a determination is made as to 
whether an existing link exists (for example in an IP link 
database maintained by the NM) whose endpoints com- 
prise the currently selected local interface index and the 
next neighbor IP number. If no such link exists, a new 
IP link having the local interface index as one endpoint 
and the next neighbor IP number as the other endpoint 
is created and added to the IP link database at step 660. 
The new link may be a Point-to-Point link (numbered or 
unnumbered) or a Point-to-IP link (depending on wheth- 
er or not the next neighbor IP number belongs to a de- 
vice under management of the NM), or a Point-to-Sub- 
net link, as appropriate. The process then proceeds to 
step 650, where a determination is made as to whether 
there are any additional local interface index/next neigh- 
bor IP address pairs in memory that need to be proc- 
essed. If no further pairs need to be processed, the end 
of the auto discovery process is signalled at step 675 
(for example by displaying a message to the user on the 
GUI of the NM), and the IP Map is updated with any dis- 
covered new and/or updated links at step 680. 
[0059] If it is determined at step 640 that an existing 
link has the currently selected local interface index and 
next neighbor IP address as its endpoints, the process 
proceeds to step 645. At step 645, a determination is 
made as to whether both endpoints are known for the 
existing link. In this case, an endpoint is "known" if the 
identity of the network device at that endpoint is under 
management of the NM, or if the endpoint comprises a 
broadcast interface to a subnet. For example, for Point- 
to-Point and Point-to-Subnet links, both endpoints are 
considered to be "known", while for a Point-to-IP link, 
the "IP" endpoint is considered to be "unknown." 
[0060] If it is determined at step 645 that both end- 
points of the existing link are "known", no change is 
made and the process continues to step 650. If it is de- 
termined at step 645 that both endpoints are not known, 
the existing link is deleted at step 665 and an updated 
link having the local interface index as one endpoint and 
the next neighbor IP address as the other endpoint is 
created and added to the IP link database at step 670. 
The updated link may be a Point-to-Point link (numbered 
or unnumbered) or a Point-to-IP link (depending on 
whether or not the next neighbor IP number belongs to 
a device under management of the NM), or a Point-to- 
Subnet link, as appropriate. The process then proceeds 
on to step 650. 

[0061] An example of a circumstance under which an 
existing link is deleted and an updated link is created 
using the procedure of steps 645, 665 and 670 is when 
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there is an existing Point-to-IP link whose "IP" endpoint 
corresponds to the local interface index of the currently 
selected local interface index/next neighbor IP address 
pair. Because the previously "unknown" endpoint is now 
"known" (i.e. it belongs to a network device that is now 
being managed by the NM), the existing "Point-to-IP" 
link is replaced with a new "Point-to-Point" link. 
[0062] Figures 7a, 7b and 7c show examples of how 
IP links between known (managed) network devices 
700 and 71 0 may be depicted on a graphical IP map in 
one or more embodiments of the invention. 
[0063] In Figure 7a, IP link 715 is shown as a uni-di- 
rectional arrow from interface 720 (having the IP ad- 
dress 1 44.23.55.88) on network device 700 to interface 
725 (having the IP address 212.33.44.16) on network 
device 71 0. The arrow is depicted as going in one direc- 
tion only: from network device 700 to network device 
710. In the embodiment of Figure 7a, such a uni-direc- 
tional arrow indicates that the interface at the tail of the 
arrow (i.e. interface 720) is configured to "see" the in- 
terface at the head of arrow (i.e. interface 725) but that 
the interface at the head of the arrow is not configured 
to "see" the interface at the tail of the arrow (a first in- 
terface "sees" a second interface if the first interface is 
configured to have the second interface as its "next hop" 
or "neighbor). 

[0064] A link such as link 715 of Figure 7a is not a fully 
functioning IP link because it only functions uni-direc- 
tionally, from network device 700 to network device 71 0. 
Because link 715 is not fully functional, in addition to 
being shown as a uni-directional arrow, it may also be 
shown in a color (for example red) that indicates to a 
user that there Is a problem with the link. In one or more 
embodiments, a fully functioning link is shown in green, 
a link that is operational but has a problem is shown in 
yellow, and a not functioning link is shown in red. 
[0065] In Figure 7b, both interface 720 of network de- 
vice 700 and interface 725 of network device 710 are 
properly configured to "see" each other. Accordingly, IP 
link 730 is shown as a bi-directional arrow. 
[0066] In Figure 7c, interface 720 of network device 
700 is configured to see interface 725 of network device 
71 0. Interface 725, however, is not configured to see in- 
terface 720. Instead, its "next neighbor" IP address has 
been mistakenly configured as 87.122.45.211. Link 750 
is accordingly shown as a uni-directional arrow from in- 
terface 720 to interface 725. In addition, an additional 
IP link 735 is shown as a unidirectional arrow from in- 
terface 725 to IP address 740. 
[0067] In the embodiments of Figures 7a, 7b and 7c, 
a user may obtain configuration information for a net- 
work device or IP link depicted on the IP map by select- 
ing the device or IP link (for example using a pointing 
device such as a mouse) and, depending on the embod- 
iment, either double-clicking, right-clicking, or selecting 
an appropriate pull-down menu command. 
[0068] Figure 8 is a schematic of an apparatus com- 
prising an embodiment of the invention. The embodi- 



ment of Figure 8 comprises a central processing unit 
(CPU) 800, a display device 850, a keyboard 880 and 
a mouse or trackball 890. CPU 800 may, for example, 
comprise a personal computer or computer workstation 
s containing one or more processors that execute com- 
puter software program instructions. In the embodiment 
of Figure 8, CPU 800 comprises computer program in- 
structions for a network management system 810. Net- 
work management system 810 comprises a number of 
software modules, including a managed devices data- 
base 811 , a managed devices identification system 812, 
a logical link database 81 3, a logical link creation system 
814, a logical link comparison system 815, and a mes- 
sage analysis system 820 for analyzing messages re- 
ceived by CPU 800 via network communications inter- 
face 830, which connects CPU 800 to network 840. 
[0069] Display device 860, which may, for example, 
comprise a CRT or LCD computer display device, com- 
prises a display area 855 for displaying graphical and 
textual information to a user. Display area 855 may also 
comprise a touch screen or other mechanism for accept- 
ing input from a user. In the embodiment of Figure 8, 
display area 855 includes a logical link display window 
860. In one embodiment, window 860 comprises a dis- 
covery range window in which network address ranges 
for discovering network devices can be specified by a 
user and are displayed, while window 870 comprises a 
discovered devices window in which discovered devices 
are displayed and from which a user can select one or 
more of the listed devices for management. Display de- 
vice 860 together with keyboard 880 and mouse or 
trackball 890 form a user interface that provides infor- 
mation to and accepts information from a user. 
[0070] Thus, a method and apparatus for automatic 
discovery of logical links between network devices has 
been presented. Although the invention has been de- 
scribed using certain specific examples, it will be appar- 
ent to those skilled in the art that the invention is not 
limited to these few examples. For example, although 
the invention has been described with respect to net- 
work devices having IP and MPLS forwarding capabili- 
ties, the invention is applicable to network devices hav- 
ing forwarding capabilities using other protocols as well. 
Other embodiments utilizing the inventive features of 
the invention will be apparent to those skilled in the art, 
and are encompassed herein. 



Claims 

50 

1. Method for automatic discovery of logical links as- 
sociated with network devices comprising the steps 
of: 

55 selecting a first managed network device hav- 

ing a first network interface, said first network 
device being managed by a network manage- 
ment system; 
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determining a local interface address and a 
next neighbor address associated with said first 
network interface; 

comparing said local interface address and 
next neighbor address with endpoint address 
information associated with a plurality of logical 
links stored in a logical link database associat- 
ed with said network management system; 
creating a first logical link between said local 
interface address and said next neighbor ad- 
dress; 

storing said first logical link in said logical link 
database; 

displaying a graphical representation of said 
first logical link on a display device. 

2. Method of claim 1 further comprising the step of 
comparing said next neighbor address with a man- 
aged devices database associated with said net- 
work management system. 

3. Method of claim 1 or claim 2 further comprising the 
steps of: 

determining that said next neighbor address is 
associated with a second managed network 
device; 

identifying said first logical link as a logical link 
between managed network devices. 

4. Method according to any one of claims 1 to 3 further 
comprising the steps of: 

determining that said next neighbor address is 
not associated with a managed network device; 
identifying said first logical link as a logical link 
between a managed network device and a net- 
work address. 

5. Method according to any one of claims 1 to 4 where- 
in said next neighbor address comprises a subnet 
address and further comprising the step of identify- 
ing said first logical link as a logical link between a 
managed network device and a subnet. 

6. Method according to any one of claims 1 to 5 where- 
in said step of creating said first logical link compris- 
es the step of deleting a second logical link in said 
logical link database. 

7. Method of claim 6 wherein said second logical link 
comprises first and second endpoint address infor- 
mation, said first endpoint address information 
comprising said next neighbor address and said 
second endpoint address information comprising 
said local interface network address. 

8. Method of claim 7 wherein said logical link database 



identifies said first endpoint address information as 
being associated with a network device being man- 
aged by a network management system and said 
second endpoint address information as being as- 
5 sociated with a network address only. 

9. Method according to any one of claims 1 to 8 further 
comprising the step of determining that said local 
interface address is not associated with any logical 

10 link in said logical link database prior to creating 
said first logical link. 

10. Method according to any one of claims 1 to9further 
comprising the step of determining that said next 

*5 neighbor address is not associated with any logical 
link in said logical link database prior to creating 
said first logical link. 

11. Method according to any one of claims 1 to 10 fur- 
20 ther comprising the step of determining that said 

next neighbor address and said local interface ad- 
dress are not both associated with any logical link 
in said logical link database prior to creating said 
first logical link. 

25 

12. Method according to any one of claims 1 to 11 
wherein said local interface address comprises a 
network address assigned to a port of said first man- 
aged network device. 

30 

13. Method according to any one of claims 3 to 12 
wherein said next neighbor address comprises a 
network address assigned to a port of said second 
managed network device. 

35 

14. Method according to any one of claims 3 to 13 
wherein said next neighbor address comprises a 
network address assigned to said second managed 
network device. 

40 

15. Method according to any one of claims 1 to 14 
wherein said local interface address comprises a 
network address assigned to said first managed 
network device and a port number of said first man- 

^5 aged network device. 

16. Method according to any one of claims 1 to 15 
wherein said logical link comprises a logical link be- 
tween unnumbered interfaces. 

50 

17. Method according to any one of claims 3 to 16 
wherein said step of displaying said graphical rep- 
resentation of said first logical link comprises dis- 
playing a representation of an arrow from said first 

55 managed network device to said second managed 
network device. 

18. Method according to any one of claims 4 to 17 
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wherein said step of displaying said graphical rep- 
resentation of said first logical link comprises dis- 
playing a representation of an arrow from said first 
managed network device to a representation of said 
next neighbor address. 

19. Method according to any one of claims 5 to 18 
wherein said step of displaying said graphical rep- 
resentation of said first logical link comprises dis- 
playing a representation of an arrow from said first 
managed network device to a representation of a 
subnet. 

20. Method according to any one of claims 1 to 19 
wherein said local interface address comprises a 
port number of said first network interface and a first 
IP address of said first managed network device. 

21 . Method of claim 20 wherein said next neighbor ad- 
dress comprises a second IP address. 

22. Method of claim 21 wherein said second IP address 
comprises an IP address of a third managed net- 
work device. 

23. Method of claim 22 wherein said second IP address 
comprises an IP address assigned to a second net- 
work interface of said third managed network de- 
vice. 

24. Method according to any one of claims 1 to 23 
wherein said step of determining said local interface 
number and said next neighbor address for said first 
network interface comprises sending a first mes- 
sage from said network management system to 
said first managed network device and receiving a 
second message from said first managed network 
device in response to said first message. 

25. Method according to any one of claims 1 to 24 
wherein said step of determining said local interface 
number and said next neighbor address for said first 
network interface comprises receiving a first mes- 
sage from said first managed network device initi- 
ated by said first managed network device upon 
said first network interface being configured. 

26. Method of claim 24 wherein said first and second 
messages comprise messages using the SNMP 
protocol. 

27. Method of claim 25 wherein said first message com- 
prises a message using the SNMP protocol. 

28. Method according to any one of claims 1 to 27 fur- 
ther comprising the step of determining a first com- 
munications protocol used by said first network in- 
terface. 



29. Method of claim 28 wherein said first logical link is 
identified in said logical link database as a logical 
link utilizing said first communications protocol. 

5 30. Method of claim 28 or claim 29 further comprising 
the step of determining a second communications 
protocol used by said first network interface. 

31. Method of claim 30 wherein said first logical link is 
10 identified in said logical link database as a logical 

link utilizing said first and second communications 
protocols. 

32. Method for automatic discovery of logical links as- 
15 sociated with network devices comprising the steps 

of: 

selecting a first managed network device hav- 
ing a first network interface, said first network 
20 device being managed by a network manage- 

ment system; 

determining a local interface address and a 
next neighbor address associated with said first 
network interface; 
25 comparing said local interface address and 

next neighbor address with endpoint address 
information associated with a plurality of logical 
links stored in a logical link database associat- 
ed with said network management system; 
30 determining that said local interface address 

and next neighbor address are both associate 
d with endpoint address information for a first 
logical link stored in said logical link database. 

35 33. Method of claim 32 further comprising the step of: 

verifying that said first logical link comprises a 
logical link between said first network interface 
and said next neighbor address. 

40 

34. Method of claim 33 wherein said verifying step com- 
prises the steps of: 

identifying said next neighbor address as an 
45 address associated with a second managed 

network device; 

obtaining a local interface address and a next 
neighbor address for a second network inter- 
face of said second managed network device; 
50 comparing said local interface address and 

next neighbor address of said second network 
interface to said local interface address and 
said next neighbor address of said first network 
interface. 

55 

35. Apparatus for discovering logical links associated 
with network devices comprising: 
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a network management system comprising: 

a database of managed network devices; 
a database of logical links associated with 
said managed network devices; s 
a network communications system for 
sending messages to managed network 
devices and receiving messages from said 
managed network devices; 
a message analysis system for determin- io 
ing local interface address information and 
next neighbor address information from 
messages received from said managed 
network devices. 

15 

36. Apparatus of claim 35 further comprising a logical 
link display for displaying said logical links. 

37. Apparatus of claim 35 or claim 36 further comprising 

a logical link creation system for creating logical 20 
links for storage in said logical links database. 

38. Apparatus of claim 37 further comprising a logical 
link information comparison system for comparing 
local interface address information and next neigh- 25 
bor address information obtained from messages 
received by from said managed network devices 
with endpoint information for said logical links 
stored in said logical links database. 

30 

39. Apparatus according to any one of claims 35 to 38 
wherein said network communications system com- 
prises means for sending and receiving messages 
utilizing the SNMP protocol. 

35 

40. Apparatus according to any one of claims 35 to 39 
further comprising a managed network device iden- 
tification system for identifying managed network 
devices associate d with said next neighbor ad- 
dress information received from said managed net- 40 
work devices. 
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(57) The present invention comprises a method and 
apparatus for automatic discovery of logical links be- 
tween network devices. In one embodiment, the present 
invention comprises part of a network management sys- 
tem ("NM") that manages a discrete set of network de- 
vices. The NM sends SNMP queries to individual net- 
work devices managed by the NM to obtain interface 
configuration data for each of the network interfaces of 
the device. The information requested includes destina- 
tion information ("next hop" or "neighbor" IP address) 
for data packets sent from the interface. The N M checks 
to see whether a logical link corresponding to the re- 



ceived configuration information already exists in a log- 
ical link database maintained by the NM. If such a link 
exists the NM checks to see if the existing information 
for the link is valid. If the existing link data is valid, no 
change is made, if the existing information is not valid, 
or if no corresponding link is found in the link database, 
the NM creates a new link corresponding to the new con- 
figuration information. In one or more embodiments, the 
NM displays a graphical view of the discovered IP links 
on a graphical network map. 
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